package com.aaa.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import javax.annotation.Resource;

@Configuration  //标记当前是配置类
@EnableWebSecurity //开启web安全配置
//@EnableGlobalMethodSecurity(securedEnabled = true,jsr250Enabled = true,prePostEnabled = true)
public class SecurityConfiger extends WebSecurityConfigurerAdapter {
    @Resource
    private SuccessHandler successHandler;
    @Resource
    private FailHander failHander;
    @Resource
    private TokenAurthenticationEntryPoint tokenAurthenticationEntryPoint;
    /**
     * 1 配置自定义登陆页面
     * 2 配置登陆提交路径
     * 3 配置登陆成功后跳转的页面
     * 4 配置登陆失败后跳转的页面
     * 5 配置登陆页面的请求参数
     * 6 以上请求全不做权限验证
     * 7 除了上面的请求外添加权限验证
     * 8 禁用csrf请求
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                        .antMatchers("/function/findlist").permitAll()
                        .antMatchers("/level1/*").hasRole("vip1");



        http.formLogin()
//                .loginPage("/login")//1配置自定义登陆页面
                .loginProcessingUrl("/loginCheck")//2 配置登陆提交路径
                //.successForwardUrl("/main")//3 配置登陆成功后跳转的页面
                .successHandler(successHandler)
                //.failureUrl("/error.html")//4 配置登陆失败后跳转的页面
                .failureHandler(failHander)
                //.usernameParameter("uname")//5 原来参数名是username配置登陆页面的请求参数
                //.passwordParameter("pwd")//5 原来参数名是password配置登陆页面的请求参数
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(tokenAurthenticationEntryPoint)
                .and()
                .authorizeRequests()//是否允许httpServletRequest
                .antMatchers("/function/**","/rolefun/**","/role/**","/person/**","/roomType/**","/order/**","/orderdetails/**","/check/**","/room/**")
/*                .antMatchers("/function/**","/rolefun/**","/role/**","/person/**","/roomType/file","/order/loadfind","/roomtype/findtype","/order/finddetails","/orderdetails/findbyOdid","/check/addcheck",)*/
                .permitAll()
                .anyRequest() //除了上面的请求外添加权限验证
                .authenticated() //权限验证
//                .access("@rbacConfig.hasPermission(request,authentication)")
                .and()
                .csrf().disable()//禁用csrf请求
                .cors();//开启跨域请求
    }

    /**
     * 配置自定义的用户(写死的账号 密码 放入内存)
     * 1写死 了解
     */
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication()
//                .passwordEncoder(new PasswordEncoderConfig())
//                .withUser("admin").password("123").roles("admin");
//    }
    @Resource
    private UserConfig userConfig;
    /**
     * 配置自定义的用户(数据库)
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //初始化一个身份认证类
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        //放入密码解码器
        daoAuthenticationProvider.setPasswordEncoder(new PasswordEncoderConfig());
        //放入查询数据库业务类
        daoAuthenticationProvider.setUserDetailsService(userConfig);
        //把身份认证类放入到配置中
        auth.authenticationProvider(daoAuthenticationProvider);
    }
}
